From an empirical point of view, the public chain is safe. Throughout its history (although it is still short), the public chain has indeed fulfilled its design purpose: smoothly processing transactions. This is what we all see. As for why this is the case, it is difficult to come up with a theory to explain it.
Faced with projects that they are optimistic about, people usually explain their safety from what they can understand and value most. “What guarantees the security of XX public chain?” No matter who you ask this question, the answer you get is nothing more than economic incentives, decentralized computing power, full nodes, and fanatical communities that share the same values. This is not surprising: as the law of tools (also known as Maslow’s hammer) says, people rely too much on the tools they are familiar with. If you only have a hammer in your hand, you will treat everything as a nail.
I don’t think any one of the above factors is sufficient to ensure the security of the public chain. Even if a public chain is impeccable in a certain aspect, it is not difficult to attack it. For example, in a network where all users run full nodes, miners can still fake another chain to control all the assets on the chain. Therefore, all factors must complement each other and influence each other to provide sufficient security for the permission-free digital cash system.
Analysis of the onion model of blockchain security
I proposed a blockchain security model, hoping to clearly show every element that constitutes security. This model is designed to help us look at the public chain more comprehensively, find out its advantages and disadvantages, and compare different public chains. The security of the public chain is like an onion, each layer adds additional security.
If you want to destroy a public chain forever, you must destroy the user’s trust in the state of its ledger (ownership list), and also make the public chain unable to reliably update the state of the ledger. Several security layers outside are designed to prevent this from happening.
Attacks must pass through this funnel-shaped defense layer to reach the core. Now, let us analyze these security layers one by one.
The outermost protection is provided by cryptographic guarantees. Cryptography is the most reliable form of guarantee, so we hope it will serve as the first line of defense to block as many attacks as possible. Cryptography can mainly guarantee the following points:
- No additional tokens can be issued out of thin air: all blocks (and all block rewards) must be accompanied by valid proof of work.
- Unable to misappropriate others’ tokens: The digital signature scheme can ensure that tokens can only be used by their legitimate owners.
- Unable to tamper with the data of the previous block: Thanks to the hash pointer, if an attacker wants to tamper with the data of a previous block, he must reconstruct the chain from that block to the current block.
The above-mentioned attacks were all blocked outside the first line of defense:
However, as strong as cryptography, there are guarantees that it cannot provide. For example, if two chains of the same length appear, it cannot decide which one is right (this requires information from the real world, such as “Which chain will most people choose” and “Which chain will have a market value in the long run? Higher”). It also cannot force miners to mine on specific blocks, broadcast them immediately after mining blocks, or even ensure that they pack specific transactions.
Some attacks that pass through the first security layer will be blocked at the consensus layer. Under the Satoshi Nakamoto consensus, nodes always pay attention to the network and automatically switch to the longest (highest cost) chain. Only miners who dig a block on the longest chain can get paid. Therefore, they need to reach consensus with other miners. This leads to the extreme preference for miners to mine at the top of the chain, so that their blocks are most likely to be recognized by other miners.
If malicious miners want to mine on previous blocks, they must compete with other miners who are mining at the top of the chain. He must dig out blocks faster than all other miners in order to catch up and surpass them. However, the rate of block generation depends on the proportion of computing power, and the possibility of his success is extremely low, even if it is just a simple reorganization.
To launch an effective attack, the attacker must first gain control of the consensus layer. This means that if it is a workload proof consensus mechanism, more than 50% of the computing power needs to be controlled; if it is a Byzantine fault-tolerant equity proof consensus mechanism, more than 33% of the deposit needs to be controlled; if it is based on the longest chain principle of equity To prove the consensus mechanism, you need to control more than 50% of the deposit.
The difficulty of this type of attack is usually underestimated. For example, the government is often regarded as the biggest threat to the public chain. However, if they want to purchase the necessary hardware in the primary market, they will soon find that the annual output of hardware is limited by chip foundries in China, Taiwan, and South Korea. The output of these chip foundries is restricted by factors such as rare earth mining in Australia and wafer production in Asia and Africa. Therefore, the annual output of chips is very limited, even if the buyer is no longer active, it will not help. It takes at least 2 to 3 years to buy the necessary hardware, and it is still impossible to be unconscious.
Unless the government confiscates existing hardware to obtain 50% of the computing power or force mining pool operators to join forces to launch attacks. This might work at the beginning, but it won’t work until the miners detect and transfer their computing power. Although this type of attack is unlikely to happen to Bitcoin in the short term, it is hard to say for small networks with less computing power or deposits.
As I have discussed before, thanks to economic guarantees, if an entity controls the consensus layer, the blockchain will not immediately collapse. By adopting appropriate incentives, the blockchain can make evil has a real cost. This is possible because the blockchain introduces the concept of digital scarcity (and value) through native tokens, which can reward good deeds (through block rewards and handling fees) and (through penalties for deposits or deduction of future rewards) Punish evil deeds.
The scale of rewards and punishments is proportional to the participants’ control over the consensus layer. If participants who control more (or even most) computing power destroy the network, the losses will be even greater. Therefore, the potential economic loss will discourage attackers.
Not all economic incentives are the same. The higher the value of the block reward relative to the value of the network (Translator’s Note: It seems to mean the proportion of block rewards and fee rewards in the income of miners), the higher the security of the network, because this will affect the interests of miners Bigger. (This is why lower block rewards pose a threat to Bitcoin’s security).
Miners are also stakeholders, because hash calculations require specialized hardware (ie ASIC miners). Once the entire network disappears, these hardware will become a pile of scrap iron. Therefore, it is no coincidence that all mining attacks so far have occurred in small networks that are superstitious and resistant to ASICs. Attackers only need to pay a small price, or even pay no price to control these networks (for example, through the use of computing power lease).
As we mentioned above, if we want to destroy a public chain forever, we must destroy the user’s trust in the state of its ledger (ownership list), and make the public chain unable to reliably update the state of the ledger.
This is because the blockchain itself is not our destination. We have no reason to pack up and go home because of a temporary partial failure of a chain. Blockchain is just a means to automate the process of establishing social consensus, a tool to maintain and update shared databases. The state of the database is valuable to participants, so participants have a strong incentive to repair it when the system crashes.
For example, if the cryptographic hash function is cracked, the social layer can (under the guidance of technical experts) reach an artificial consensus to replace the damaged part:
Similarly, if a consensus attack defeats economic assurance, the society will also artificially block it. If an attacker who has most of the computing power starts to launch a DOS attack on the network by hollowing out blocks, regardless of the economic loss he will suffer, the user can decide to change the PoW function to artificially remove the miner’s control of the network.
As we have seen, if you want to permanently kill a blockchain, you will either completely lose interest in the state of its ledger, or you will destroy the system to an irreparable level.
When an attack can penetrate all security layers and eventually defeat the social core of the system so that it can no longer repair the outer security layer, the system will face great danger.
In order for both self-repair and human intervention to work, the community of each project needs to establish a strong social protocol around the main characteristics of the project. Take Bitcoin as an example. Its core values include transaction irreversibility, censorship resistance, no backwards compatibility updates, and 21 million token issuance cap. These values not only provide a blueprint for the behavior of social intervention, but also form Schelling’s point of restoration options.
The core values of a project need to be renegotiated constantly, and not all users agree with these characteristics. However, the stronger the consensus reached by the community on a certain value, the more likely it is that this value will be adhered to in times of crisis.
If we regard the social layer as the “primordial explosion point (note: the central point of the atomic bomb)” of all blockchains, social engineering attacks are indeed a major threat. If a malicious developer can sneak into the system to tamper with the code without supervision, especially in a system with frequent hard forks, it will weaken the defense of the peripheral security layer (click here to read the related article).
I found that the onion model can analyze how each layer protects the security of a blockchain. To some extent, this model is an extension of my previous article “Analysis of Bitcoin’s Social Contracts” any public chain is derived from a set of common core values and a blueprint for the vision of the system.
This set of values must be transformed into rules of interpersonal behavior (ie, agreement!). Then, we automatically execute these rules to achieve different types of guarantees: economics, consensus, and cryptography. The system enhances social scalability by constraining the behavior of participants, and cooperates with each other to create wealth in a low-trust environment.
Posted by:CoinYuppie，Reprinted with attribution to:https://coinyuppie.com/analysis-of-the-onion-model-of-blockchain-security-part-1/
Coinyuppie is an open information publishing platform, all information provided is not related to the views and positions of coinyuppie, and does not constitute any investment and financial advice. Users are expected to carefully screen and prevent risks.